(In reply to Gabriele Svelto [:gsvelto] from comment #0)
> I don't know what's the purpose of this code but given it has URL in the name and it's happening in the main process I guess this might be *very dangerous* if an attacker can trigger it somehow.

The code path is triggered by Safe Browsing update, and its input is coming either from data provided by Google or data provided by us, so theoretically, this shouldn't be something that can be triggered by an attacker.

From the crash reports, it seems this crash signature starts to occur after Fx101. Safe Browsing code hasn't changed for quite a long time, and I didn't see any suspicious changeset in 101 (most of the changes are cleanup, testcase refactoring).

If I use `nsUrlClassifierPrefixSet::~nsUrlClassifierPrefixSet` to [search crash signature](https://crash-stats.mozilla.org/search/?signature=~nsUrlClassifierPrefixSet%3A%3A~nsUrlClassifierPrefixSet&date=%3E%3D2022-06-27T08%3A26%3A00.000Z&date=%3C2022-07-04T08%3A26%3A00.000Z&_facets=signature&_sort=-date&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports), I can also see a few crash reports that were reported in Android, so this issue is probably not because of platform-dependent changes.
Bug 1777588 Comment 2 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Gabriele Svelto [:gsvelto] from comment #0)
> I don't know what's the purpose of this code but given it has URL in the name and it's happening in the main process I guess this might be *very dangerous* if an attacker can trigger it somehow.

The code path is triggered by Safe Browsing update, and its input is coming either from data provided by Google or data provided by us, so theoretically, this shouldn't be something that can be triggered by an attacker.

From the crash reports, it seems this crash signature starts to occur after Fx101. Safe Browsing code hasn't changed for quite a long time, and I didn't see any suspicious changeset in 101 (most of the changes are cleanup, testcase refactoring, etc.).

If I use `nsUrlClassifierPrefixSet::~nsUrlClassifierPrefixSet` to [search crash signature](https://crash-stats.mozilla.org/search/?signature=~nsUrlClassifierPrefixSet%3A%3A~nsUrlClassifierPrefixSet&date=%3E%3D2022-06-27T08%3A26%3A00.000Z&date=%3C2022-07-04T08%3A26%3A00.000Z&_facets=signature&_sort=-date&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports), I can also see a few crash reports that were reported in Android, so this issue is probably not because of platform-dependent changes.